git.ipfire.org Git - thirdparty/apache/httpd.git/log
Sander Striker [Sat, 13 Apr 2002 12:02:38 +0000 (12:02 +0000)]
Adapt to the rename of apr_explode_localtime to apr_time_exp_lt in APR.
Submitted by: Thom May <thom@planetarytramp.net>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94631 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Fri, 12 Apr 2002 17:46:09 +0000 (17:46 +0000)]
Touch these files so that their datestamps are newer than the corresponding
.y and .l files. These must be kept newer than those at all times to avoid
introducing a dependency on flex and yacc.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94623 13f79535-47bb-0310-9956-ffa450edef68
Aaron Bannert [Tue, 9 Apr 2002 15:53:09 +0000 (15:53 +0000)]
Convert mod_ssl to the new apr_global_mutex.h API and remove all
uses of apr_lock.h [deprecated]. Tested that I could serve simple
SSL (v3) pages.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94583 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Mon, 8 Apr 2002 19:07:58 +0000 (19:07 +0000)]
another todo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94547 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 7 Apr 2002 21:58:25 +0000 (21:58 +0000)]
PR: 7802
Obtained from:
Submitted by:
Reviewed by:
fix compilation problem in ssl_engine_kernel.c
if SSL_LIBRARY_VERSION >= 0x00907000
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94527 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 7 Apr 2002 06:32:21 +0000 (06:32 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
ssl_io_input_read now returns APR_EOF if ssl_io_hook_read returns 0
bytes for a reason other than SSL_ERROR_WANT_READ. this should
prevent a possible endless loop.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94519 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 7 Apr 2002 03:37:35 +0000 (03:37 +0000)]
fix ProxyPass when frontend is https and backend is http
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94515 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Fri, 5 Apr 2002 07:31:44 +0000 (07:31 +0000)]
Get the HTTP-on-HTTPS hint to come through again. We're in AP_MODE_GETLINE
at this point, so the \r\n\r\n just confuses the http input filter.
One concern: this patch is only correct as long as we only ever call this
function while in AP_MODE_GETLINE. Ideally we would account for the mode
and return the newlines if not in GETLINE mode, but at the moment it doesn't
seem to matter.
Reviewed by: Doug MacEachern
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94453 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 5 Apr 2002 02:31:04 +0000 (02:31 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
avoid the error_log message: [error] mod_ssl: Certificate Verification: Error ...
if SSLProxyVerify is not configured or set to "none".
the verify callback does not happen in the server context when
SSLVerify is not configured or set to "none".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94444 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 22:07:09 +0000 (22:07 +0000)]
fix SSL_X509_INFO_load_path so SSLProxyMachineCertificatePath works
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94406 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 21:57:31 +0000 (21:57 +0000)]
copy-n-pasto: need to use SSL_X509_INFO_load_*path* on pkp->cert_path
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94405 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 21:56:12 +0000 (21:56 +0000)]
copy-n-pasto: ssl_cmd_SSLProxyMachineCertificatePath needs to set cert_path
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94404 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 21:32:35 +0000 (21:32 +0000)]
fix copy-n-pasto: ssl_cmd_SSLProxyCACertificatePath needs to use
ssl_cmd_check_dir rather than ssl_cmd_check_file
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94403 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 20:53:17 +0000 (20:53 +0000)]
another todo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94400 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 17:30:08 +0000 (17:30 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by: Ryan Bloom
ap_remove_output_filter no longer works for connection filters.
change logic in the case of "HTTP spoken on HTTPS port" to disable the
ssl filters rather than attempt to remove the filters.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94393 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 2 Apr 2002 17:23:41 +0000 (17:23 +0000)]
various updates
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94392 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 08:11:44 +0000 (08:11 +0000)]
add/use EVP_PKEY_reference_inc and X509_reference_inc compat macros
to get these changes working with sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94341 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 07:42:30 +0000 (07:42 +0000)]
add sslc compat for sk_X509_INFO_free
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94340 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)]
add SSLProxyCARevocation{File,Path} directives to support CRLs in the proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94338 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 06:38:10 +0000 (06:38 +0000)]
pass sc to myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94337 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 06:36:56 +0000 (06:36 +0000)]
make it possible for proxy to use CRL callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94336 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 06:20:16 +0000 (06:20 +0000)]
enable the verify callback for proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94334 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 06:03:08 +0000 (06:03 +0000)]
change sc->server references to myCtxConfig, so proxy can use the
verify callback.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94332 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 05:57:59 +0000 (05:57 +0000)]
add myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94331 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 05:40:02 +0000 (05:40 +0000)]
implement proxy client certificate callback
(uses SSLProxyMachineCertificate{File,Cert} when downstream server
requires a client certificate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94329 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 05:16:55 +0000 (05:16 +0000)]
input filter should not return failure when ssl runtime wants to read more
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94328 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 04:52:48 +0000 (04:52 +0000)]
ssl_io_input_read needs to return something other than APR_SUCCESS
when bucket read from socket was successful,
but there was an error within the ssl runtime.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94327 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 01:50:10 +0000 (01:50 +0000)]
load SSLProxyMachineCertificate{File,Path}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94324 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sat, 30 Mar 2002 01:41:35 +0000 (01:41 +0000)]
enable/cleanup SSL_X509_INFO_load_{file,path} functions for use in
proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94323 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Sat, 30 Mar 2002 00:00:21 +0000 (00:00 +0000)]
Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94320 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 17:56:33 +0000 (17:56 +0000)]
add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request. unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance. but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94314 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Fri, 29 Mar 2002 08:17:26 +0000 (08:17 +0000)]
BUCKET FREELISTS
Add an allocator-passing mechanism throughout the bucket brigades API.
From Apache's standpoint, the apr_bucket_alloc_t* used throughout a given
connection is stored in the conn_rec by the create_connection hook. That
means it's the MPM's job to optimize recycling of apr_bucket_alloc_t's --
the MPM must ensure that no two threads can ever use the same one at the
same time, for instance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94304 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 07:37:28 +0000 (07:37 +0000)]
remove ssl_engine_ext.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94302 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 07:36:01 +0000 (07:36 +0000)]
removing old proxy extension code
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94301 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 07:23:09 +0000 (07:23 +0000)]
need to flush output buffer before reading in proxy mode
need to call ssl_hook_process_connection in the output filter in proxy
mode, since proxy hits the output filter before the input filter
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94299 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 07:22:43 +0000 (07:22 +0000)]
in proxy mode we need to SSL_connect rather than SSL_accept in
ssl_hook_process_connection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94298 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Fri, 29 Mar 2002 07:12:01 +0000 (07:12 +0000)]
These two variables were left uninitialized accidentally.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94297 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 04:50:37 +0000 (04:50 +0000)]
add optional function (ssl_proxy_enable) to turn on ssl proxy
choose SSL_CTX based on SSLConnRec.is_proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94293 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 04:48:01 +0000 (04:48 +0000)]
init proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94292 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 03:19:12 +0000 (03:19 +0000)]
s/id/mode/ in ssl_cmd_SSLProxyVerify
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94290 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 03:05:49 +0000 (03:05 +0000)]
use ssl_cmd_verify_parse for SSLProxyVerify directive handler
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94289 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:59:27 +0000 (02:59 +0000)]
cleanup the proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94288 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:48:20 +0000 (02:48 +0000)]
s/ctx/dcfg/g in ssl directive handlers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94287 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:43:33 +0000 (02:43 +0000)]
enable proxy directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94286 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:20:58 +0000 (02:20 +0000)]
change existing ssl_init_ctx() to ssl_init_ctx_protocol()
new ssl_init_ctx() inits the lot: protocol, session_cache, callbacks,
verify, cipher suite, crl, cert_chain
new ssl_init_server_ctx function inits everything for sc->server
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94285 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:09:59 +0000 (02:09 +0000)]
proxy will have a different verify callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94283 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:06:57 +0000 (02:06 +0000)]
proxy needs to use client ssl method
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94282 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:01:49 +0000 (02:01 +0000)]
setup sc->proxy->sc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94281 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 02:00:20 +0000 (02:00 +0000)]
add ssl_config_server_new function to fold some duplication in server
create/merge and to make sure merge config is fully initialized
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94280 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 01:56:40 +0000 (01:56 +0000)]
initialize and merge proxy config
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94279 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 01:42:04 +0000 (01:42 +0000)]
no point in merging things which are not set until after merge happens.
make a note of those which are set during module init.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94278 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 29 Mar 2002 01:24:10 +0000 (01:24 +0000)]
'ctx' traditionally refers to an SSL_CTX. change modssl_ctx_t
instances to 'mctx'
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94277 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 19:50:48 +0000 (19:50 +0000)]
ctx->sc is set during init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94275 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 19:48:31 +0000 (19:48 +0000)]
switch from SSLSrvConfigRec* to modssl_ctx_t* in the ssl_init_ctx*
functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94274 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 19:15:03 +0000 (19:15 +0000)]
make merging of modssl_ctx_t's generic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94273 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 18:58:06 +0000 (18:58 +0000)]
moving cfgMerge macros to ssl_engine_config.c, they are not used anywhere else
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94271 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 18:54:52 +0000 (18:54 +0000)]
remove unused cfgMerge{Table,Ctx} macros
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94269 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 18:53:54 +0000 (18:53 +0000)]
moving protocol location
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94268 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 18:50:07 +0000 (18:50 +0000)]
breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t - certs/keys for the proxy
+ modssl_auth_ctx_t - stuff related to authentication that can also
be per-dir, used by both server and proxy
+ modssl_ctx_t - context that can be used by both server and proxy
+ SSLSrvConfigRec - now contains original stuff specific to the
server config and modssl_ctx_t *server, *proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94267 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 17:23:50 +0000 (17:23 +0000)]
ripping out some proxy stuff that isn't currently in use and is going
to change anyhow.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94266 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 17:16:41 +0000 (17:16 +0000)]
already added configure check for SSL_set_cert_store
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94265 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 17:11:12 +0000 (17:11 +0000)]
de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94264 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 16:47:36 +0000 (16:47 +0000)]
reorder a bit of the server config structure, moving items that are
going to stay there to the top.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94263 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:51:52 +0000 (02:51 +0000)]
remove error msg hint that is no longer true
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94261 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:46:28 +0000 (02:46 +0000)]
fixup naming:
ssl_init_ctx_* will be used for both proxy and server
ssl_init_server_* is specific to the server
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94260 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:40:01 +0000 (02:40 +0000)]
move context callback setting to ssl_init_ctx_callbacks function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94259 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:36:05 +0000 (02:36 +0000)]
move server cert/key initialization to ssl_init_server_certs function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94258 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:28:06 +0000 (02:28 +0000)]
copy DSA params to server server during key import
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94257 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:09:58 +0000 (02:09 +0000)]
fix logic from last commit, need to always try importing _both_ rsa
and dsa
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94256 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 02:01:03 +0000 (02:01 +0000)]
fold some duplication into generic ssl_server_import_key function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94255 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 01:47:50 +0000 (01:47 +0000)]
fold some duplication into generic ssl_server_import_cert function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94253 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 01:32:41 +0000 (01:32 +0000)]
move server cert checking into generic ssl_check_public_cert function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94252 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 01:14:53 +0000 (01:14 +0000)]
move server specific init config checks into ssl_init_check_server
function (ssl_init_check_proxy will be different)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94250 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 01:07:20 +0000 (01:07 +0000)]
break out certificate chain initialization into
ssl_init_cert_chain function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94249 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Mar 2002 00:34:13 +0000 (00:34 +0000)]
there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94247 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)]
break out certificate revocation list initialization into
ssl_init_crl function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94246 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 23:49:09 +0000 (23:49 +0000)]
break out cipher suite initialization into ssl_init_cipher_suite function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94245 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 23:35:31 +0000 (23:35 +0000)]
"new" is a c++ keyword; s/new/mrg/g in config merge functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94244 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 23:25:58 +0000 (23:25 +0000)]
move warning about session cache not being configured to ssl_scache_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94243 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 23:19:08 +0000 (23:19 +0000)]
break out SSL_CTX session initialization into
ssl_init_session_cache_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94242 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 22:31:33 +0000 (22:31 +0000)]
add license
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94239 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Wed, 27 Mar 2002 21:16:37 +0000 (21:16 +0000)]
"Oops" has two o's in it. :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94235 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 21:14:49 +0000 (21:14 +0000)]
break SSL_CTX initialization into ssl_init_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94234 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 21:07:08 +0000 (21:07 +0000)]
(starting to break apart the init code into smaller, generic functions,
preparing for proxy support)
break out verify code into ssl_init_verify function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94233 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 19:38:05 +0000 (19:38 +0000)]
bringing back MOD_SSL_VERSION macro, define it to AP_SERVER_BASEVERSION
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94231 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 19:11:11 +0000 (19:11 +0000)]
adjustment for sslc where its PEM_read_bio_PrivateKey does not take a
callback arg.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94230 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 18:46:49 +0000 (18:46 +0000)]
static-ize {write,read}tty variables
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94227 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 18:20:37 +0000 (18:20 +0000)]
move prototype for modssl_session_get_time to ssl_util_ssl.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94226 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 18:19:44 +0000 (18:19 +0000)]
add modssl_dh_configure() function to fold some duplication in
get_dh{512,1024} and provide toolkit compat for sslc 2.x
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94225 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 17:02:56 +0000 (17:02 +0000)]
add configure checks for ssl functions:
-SSL_set_state: macro in OpenSSL, might be a function in a patched sslc
-SSL_set_cert_store: patch submitted to OpenSSL, might be applied to
OpenSSL or sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94223 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 06:01:03 +0000 (06:01 +0000)]
fix doofo in last commit
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94218 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 05:58:31 +0000 (05:58 +0000)]
sslc 1.x does not have an x509v3.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94217 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 05:50:56 +0000 (05:50 +0000)]
sslc does not currently support X509V3_EXT_d2i
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94216 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 04:02:46 +0000 (04:02 +0000)]
toolkit compat for PEM_read_bio_PrivateKey
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94215 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:58:26 +0000 (03:58 +0000)]
use compat macro for another PEM_read_bio_X509
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94214 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:56:02 +0000 (03:56 +0000)]
toolkit compat for PEM_read_bio_X509
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94213 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:46:36 +0000 (03:46 +0000)]
adjust to another const char vs char mismatch between OpenSSL and sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94212 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:42:21 +0000 (03:42 +0000)]
use SSL_SESSION_ api since SSL_SESSION cannot be dereferenced when using sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94211 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:33:57 +0000 (03:33 +0000)]
typo fix s/EDG/EGD/g
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94210 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 03:31:23 +0000 (03:31 +0000)]
modssl_set_cipher_list was in the wrong place for OpenSSL
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94209 13f79535-47bb-0310-9956-ffa450edef68